By John P Collins, JD DTI, Director of Information Governance & Office 365 Consulting

Similar documents
Information Governance and ediscovery in Office 365

Unpacking Office 365 A high level overview of the apps and services bundled in the standard Office 365 subscription: What is it Use cases FAQ

Microsoft Office 365 Business Plans

Exploring Data Governance. and Compliance. for. Office 365. Tony

Exchange 2007 End of Service: Modernize with Office 365. Todd Sweetser Technical Solutions Professional

The Economics of Office YTD Net Promoter Score. Microsoft Office365 10/20/2017. Paul Hoffman, CPA, CITP, CGMA CEO/President of SouthTech

Business Essentials Business Business Premium

NEW MICROSOFT FEATURES THAT WILL AFFECT EDISCOVERY IN THE FUTURE

Familiar Simple Easy Safe. New (Delve, Sway) Different Rich Engaging Potential for innovation. Late Majority 34% 2.5% Innovators. Early Majority 34%

Office 365 for businesses. Stay connected on the go

Why is Office 365 the right choice?

3.30pm. A sneak peek at Veeam 2018 releases Veeam for VMware Cloud on AWS technical deep dive Veeam Availability Console Update pm. 2.

Price list for Microsoft Office 365 from Swisscom. Valid from 1 may, 2016

Hosted Exchange Migration to O365 Campaign and Offer

Liquid Telecom Microsoft Partnership

OFFICE 365 GOVERNANCE: Top FAQ s & Best Practices. Internal Audit, Risk, Business & Technology Consulting

Office 365 for businesses. Stay connected on the go

Enabling Business Productivity with Office 365

Office 365 An Introduction to Features and Services

Office 365 Business The Microsoft Office you know, powered by the cloud.

Common approaches to management. Presented at the annual conference of the Archives Association of British Columbia, Victoria, B.C.

Presented by Max Fritz Senior Systems Consultant, Now Micro. Office 365 for Education What to Use When

ARMA Greater Columbus Office 365 ediscovery and Information Governance Workshop. May 17, 2018

Plymouth Rd, Suite 212, Plymouth Meeting, PA

DOWNLOAD OR READ : OFFICE 365 SECURITY AND TRUST STANDARD REQUIREMENTS PDF EBOOK EPUB MOBI

1

Enabling Office 365 Services (347)

Licensing Expert Series. Licensing Office 2013 & Office 365

EXPLORE MICROSOFT SHAREPOINT SERVER 2016 AND BEYOND #ILTAG70

Microsoft 365 Business FAQs

OFFICE 365 AND SHAREPOINT ONLINE: RAPID UPSKILL TRACK

MB Microsoft Dynamics CRM 2016 Online Deployment.

Microsoft 365. A complete, intelligent, secure solution to empower employees. Integrated for simplicity. Built for teamwork. Unlocks creativity

Microsoft Teams. A Gamechanger for Teamwork. Karuana Gatimu Principle Program Manager, Adoption. Ritika Gupta Program Manager

SharePoint 2016 Site Collections and Site Owner Administration

SharePoint 2016 Site Collections and Site Owner Administration

Running Effective Projects In Office 365. June 1, 2017

NaviSite Managed Office 365 Productivity Suite Powered by Microsoft

Product Overview Archive2Azure TM. Compliance Storage Solution Based on Microsoft Azure. From Archive360

DOCAVE ONLINE. Your Cloud. Our SaaS. A Powerful Combination. Online Services. Technical Overview ADMINISTRATION BACKUP & RESTORE

Cloud Computing. An introduction using MS Office 365, Google, Amazon, & Dropbox.

Mail. Having your mail stored in the cloud means you can access it just about anywhere on just about any device with an internet connection.

MICROSOFT APPLICATIONS

Define Your Office 365 External Sharing Strategy

: Course : SharePoint 2016 Site Collection and Site Administration

"Charting the Course... MOC A: SharePoint 2016 Site Collections and Site Owner Administration. Course Summary

GSX 365 Usage Reports & Security Audit

Office 365: Fact Sheet

to know about Microsoft Teams

Skype for Business Users: 18 Things to Know about Microsoft Teams for 2018

Myths About Moving to the Cloud. What small and medium-sized businesses really need to know about moving to Microsoft Office 365

Backup and Archiving for Office 365. White Paper

Top. Reasons Legal Teams Select kiteworks by Accellion

MCSA Office 365. A Success Guide to Prepare- Microsoft Enabling Office 365 Services. edusum.com

SharePoint Server 2016 Feature Comparison* Accessibility Standards Support Yes Yes. Asset Library Enhancements/Video Support Yes Yes.

Enterprise Vault Overview Nedeljko Štefančić

Microsoft Teams Chat-based workspace in Office 365

Office 365 External Sharing Webinar November 7, 2017

Level 1 Technical. Microsoft Lync Basics. Contents

Feature Set. Intelligent Archiving & ediscovery Software Solutions

Achieve more with 15 Productivity Tips for Office

CARROLL COUNTY PUBLIC SCHOOLS ADMINISTRATIVE REGULATIONS BOARD POLICY EHB: DATA/RECORDS RETENTION. I. Purpose

Professional Development

Microsoft Office 365 Enterprise from Vodafone. The power to collaborate

Pax8 Training Guide for Partners

The Definitive Guide to Office 365 External Sharing. An ebook by Sharegate

LSP O365 Hands-on Training Planet Technologies. 1

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Office 365 Portal, OneDrive, & Delve

UNITRENDS CLOUD BACKUP FOR OFFICE 365

Microsoft: What s new and cool FY16

Office 365 for Employees

IBM Compliance Offerings For Verse and S1 Cloud. 01 June 2017 Presented by: Chuck Stauber

SharePoint Online for Administrators

Enterprise-ready Unified communications platform

Managing Microsoft 365 Identity and Access

Archiving Market Update

Ingram Micro MaaXcloud Scope of Work Updated on: September 19, 2016

UNCLASSIFIED. Mimecast UK Archiving Service Description

THE AVENTIS GUIDE TO OFFICE 365

9 myths about moving to the cloud. What small and medium-size businesses need to know about moving to Microsoft Office 365

7/12/2018. Presented by: Todd McElmurry. Office 365

Manage as Records in SharePoint to Reduce Risk and Cost

Take control of your e-discovery process. Increase efficiency, reduce risk and keep costs in line with an integrated solution.

Introduction to SharePoint 2016

Licensing Microsoft Office 365 ProPlus Subscription Service in Volume Licensing

Basic. $5/user per mo.

Overview of Archiving. Cloud & IT Services for your Company. EagleMercury Archiving

Microsoft SharePoint Online for Administrators

Advanced Technologies of SharePoint 2016

Advanced Technologies of SharePoint 2016

Bitrix24 Cloud and On-Premise Features

Office 365: What to Expect When Moving to the Cloud

Microsoft SharePoint Server 2013 Plan, Configure & Manage

Enhancing and Extending Microsoft SharePoint 2013 for Secure Mobile Access and Management

This confirms that Ricky T has completed the following courses:

Office 365: What plan is the right one?

Discovery Attender. Version 2.2. White Paper. Discovery Attender is a member of the Attender Utilities family.

Datasheet. Only Workspaces delivers the features users want and the control that IT needs.

MCSA Office 365 Bootcamp

Transcription:

Office 365 ediscovery Background and Glossary By John P Collins, JD DTI, Director of Information Governance & Office 365 Consulting Background What is Office 365? It is a cloud-based service providing email, collaboration, real-time messaging (IM) and other productivity tools to individuals and organizations. Office 365 falls into the Software as a Service (SaaS) category of cloud computing: the user subscribes to the service, paying Microsoft a monthly fixed fee for a bundle of features and functions, including Exchange (email), SharePoint (collaboration and file storage) and Skype for Business (real-time communications-im, voice.) With Office 365, the underlying IT infrastructure (servers, storage, network plumbing) resides in Microsoft s data centers; the subscribing organization s users connect to Microsoft s data center to obtain access to the various tools. Why is Office 365 a major force in ediscovery? First, it s where organizations of all types and sizes and across every vertical are storing their ESI: email, documents, files consequently it s where a significant portion of documentary evidence is likely to reside. Those responsible for executing an organization s discovery obligations will need to learn how to identify, preserve, and collect from Office 365 since it will be (for many organizations) the primary source of ESI sought in discovery. Second, Office 365 has built-in ediscovery tools enabling organizations to identify, preserve, preview, collect, analyze, and cull ESI residing within the service. While, most organizations move to Office 365 for business, IT, and cost reasons, the presence of the built-in ediscovery tools should trigger an evaluation of where and how the tools might be leveraged to meet the organization s ediscovery obligations. Experience suggests organizations can fundamentally alter for the better their approach to ediscovery by employing some or all the built-in tools. Third, for many organizations the built-in ediscovery tools are already included in their license plan meaning there is no acquisition cost to obtain a set of new features to perform discovery tasks. Combined with the possibility that, by employing Office 365 s ediscovery tools, existing ediscovery tools that carry licensing or maintenance costs can be eliminated means an organization might derive significant cost savings through adoption of Office 365 s built-in ediscovery tools. Office 365 is where a significant portion often the majority of the ESI sought in discovery resides; there are tools embedded in the system to perform discovery; and, there is often no cost to acquire the tools. Furthermore, the tools can dramatically reduce downstream ediscovery spend. These dynamics reveal Office 365 for what it is: a major force in ediscovery. Page 1 of 7

What are the key components of Office 365 from an ediscovery perspective? Built-in ediscovery: tools to identify, preserve, preview, collect, analyze, and cull ESI residing in Office 365. The tools are available in some but not all Office 365 plans. From a licensing perspective, 1 the tools break down into two categories: Standard and Advanced: o Standard (sometimes referred to as E3 ) tools provide the ability to: Search (identify) Preserve-in-place (hold) Preview (early case assessment light ) Export (collect) o Advanced (sometimes referred to as E5 ) tools (based on the Equivio technology Microsoft acquired in January 2015) provide the following analytic capabilities for ESI in Office 365: Email threading New-duplicate detection Predictive coding Clustering Exchange Online: Office 365 is powered, in part, by Microsoft Exchange the email platform in existence for 20 years providing messaging, calendaring, tasks, contact management, etc. Exchange Online is subject to Office 365 s built-in ediscovery tools. Mashups: these are applications combining multiple elements of Office 365 to provide unique collaborative and communications functionality to users. These applications frequently store communications, files, and other ESI that is unique and separate from repositories of ESI from any given user s mailbox or OneDrive for Business. As noted below, mashups are not always subject to Office 365 s ediscovery tools when first released; in some instances, parts of a mashup are not subject to the tools while other parts are. o o o Groups: a core collaboration tool in Office 365 and one in which Microsoft is making significant investments. Each Group can have one or more participants (internal or external parties) and includes a standard set of shared resources: calendar, mailbox, document library, and OneNote notebook (recently added to each Group is a full SharePoint Team Site.) Members of a Group ostensibly communicate via group conversations threaded email conversations captured and residing within the Group s shared mailbox; participants in the Group can receive copies of Group conversations in their standard Exchange mailbox but this is optional. Groups ARE subject to Office 365 s built-in ediscovery tools. Planner: a Group but with an additional feature for project management. Using this feature, project tasks are created, assigned, and organized into buckets groups of tasks tracked throughout the lifecycle of a project. Buckets are not (as of August 2017) subject to Office 365 s built-in ediscovery tools, but the features Planner shares with Groups ARE. Teams: Microsoft describes Teams as a chat-centered workspace...it brings conversations, files, and tools into one place so everyone has instant access to everything they need. 2 Teams has also been described as tool for high-velocity collaboration situations where collaborators need and want to share information instantly. One of the central features of 1 https://support.office.com/en-us/article/ediscovery-faq-9d1a29ae-b7b4-4a27-9c8c-84289023dcae#q5 2 https://support.office.com/en-us/article/microsoft-teams-quick-start-422bf3aa-9ae8-46f1-83a2-e65720e1a34d Page 2 of 7

Teams is the chat function the ability to initiate and carry on conversations over an extended period. Teams also includes a Group so each Team by default has a document library, OneNote, calendar, etc. It is useful to note Teams is a millennial friendly application users can insert emoticons, Giphy, and other non-text artifacts into their communications. Office ProPlus: a subscription based model for acquiring the Office applications (Word, Excel, PowerPoint, Outlook); the applications are downloaded, via the internet, to the user s device. Included in some Office 365 plans (E3 and E5 for example), ProPlus allows users to download Office on to a maximum of 15 devices (5 tablets, 5 phones, 5 computers.) Implication: users storing their email in Outlook on 15 different devices. What happens when a user stops syncing one of their devices to Office 365? You have a unique island of email representing a snapshot in time. ProPlus can be managed to require the user to use only an approved device to download the software. Legal and ediscovery teams should discuss ProPlus with their IT counterparts. OneDrive for Business (ODB): an online file and document storage repository similar to Box and DropBox assigned to each user in Office 365 (each user gets his or her own.) The concept is to have OneDrive for Business replace local PC ( My Documents for example) and home directory/share (file server) as a user s primary file storage locations. ODB enables users to share files or folders with internal and (if permitted) external users. (NOTE: ODB comes with 1 terabyte of storage, and is a technically a SharePoint site.) The ESI stored in ODB IS subject to Office 365 s builtin ediscovery tools. SharePoint Online: SharePoint Online (like Exchange Online) is a fundamental building block upon with many of the Office 365 features and tools are built. Standing alone, SharePoint provides collaboration, intranet, extranet, application development, file sharing, document and records management capabilities. As a fundamental component of Office 365, elements of SharePoint power other features and tools most notably Groups, Teams, and Planner. The ESI stored and created via SharePoint Online IS subject to Office 365 s built-in ediscovery tools. Skype for Business: a platform providing instant messaging, online meetings, VoIP, video chat, etc. In addition, Skype for Business can replace traditional on-premise PBX (phone systems.) IM and call logs generated by Skype for Business ARE subject to Office 365 s built-in ediscovery tools. Sway: a web-based tool that allows users to create presentations called Sways and share them (via links) with internal or external parties. There is no Sway file per se; rather, Sway s exist solely as a cloud artifact. Sway has significant adoption in the educational markets, but less so in corporations. As of 8/2017, Sway is NOT subject to Office 365 s built-in ediscovery tools, so preservation and collection requires use of forensic tools and techniques similar to those used for social media and other web-based repositories. Yammer: social media platform for the enterprise, providing a Facebook-like collaboration experience. Users can create groups, carry on conversations, like posts, upload files and pictures. As of 8/2017, Yammer ESI is NOT subject to Office 365 s built-in ediscovery tools. Also, new options are being introduced to create Yammer Groups, which combine elements of Office 365 Groups with Yammer functionality. Page 3 of 7

Considerations When Your Organization or Client Moves to Office 365 1. What licenses does the organization own? a. Business Essentials b. Business c. Business Premium d. K1 e. Education or Enterprise E1 f. Government g. E3 h. E4 i. E5 2. Which of the following O365 services is being deployed by the organization: a. Exchange Online b. SharePoint Online c. Skype for Business i. Have you discussed Conversation History status (whether to retain/archive IM chats)? d. O365 Groups e. Teams f. Planner g. Yammer (NOTE: as of 8/2017 Yammer ESI is not subject to O365 s built-in ediscovery tools) 3. Is the organization migrating ESI from legacy repositories as follows: a. Current on-premise email to Exchange Online b. Current on-premise SharePoint to SharePoint Online c. Individual user s PC ESI to OneDrive for Business d. Individual user s home-share ESI to OneDrive for Business e. Individual user s PST files to Exchange Online 4. Who will be granted ediscovery permissions in your tenant? a. ediscovery Manager= b. ediscovery Administrator= c. Custom= 5. Will you leverage the following ediscovery tools: a. ediscovery search b. Preservation (preserve ESI in place) c. Preview/Early Case Assessment d. Collection/Export 6. Can you eliminate licensing costs for other tools by leveraging O365 s built-in ediscovery tools? 7. What is your organization s annual spend for: a. ediscovery analytics (email threading, near-duping)? b. Technology Assisted Review? c. ediscovery processing? 8. Do you have the desire to move away from 3 rd party email archiving and journaling to meet preservation needs? 9. Do you want to move away from custodian self-preservation? 10. Is there a need to set up clearly identified and enforced barriers between USA and EU based ediscovery permissions (for example, prevent USA based staff from accessing EU staff ESI.) 11. Have you identified a PowerShell resource? Page 4 of 7

12. Do you have an audit and reporting strategy for using ediscovery tools in O365? 13. Is the legal department connected with/working with IT and the business on O365 adoption and rollout to ensure a proper legal (ediscovery and RIM oriented) framework is in place? 14. Is your organization planning on deploying O365 s built-in Information Governance (referred to by Microsoft as Data Governance tools)? 15. Have you received adequate training on O365 s built-in ediscovery and Information Governance tools, especially regarding limitations and caveats: a. Indexing b. Exports c. Change management 16. Is Office ProPlus deployed? a. If yes, are users permitted to download Office to non-domain joined devices? Glossary Content Search (in Security & Compliance Center): one of the several ediscovery tools available in Office 365, Content Search allows a user with proper permissions to search one or more mailboxes, SharePoint sites, ODB, Groups, and Exchange Public Folders. After executing a search, the user may 1) preview the search results; 2) export the search results; 3) analyze the search results using O365 Equivio Conversation History: a folder which is automatically created in user s Outlook mailbox that archives IM chats and call logs (for calls made via the Skype client client.) The ability to retain IM and call logs in the conversation history folder can be turned on and off at either the user or organization level. Some organizations leave it up to the user. If conversation history is enabled and IM and call logs are captured, they are subject to Office 365 s built-in ediscovery tools. Data Governance: a set of tools to retain and dispose of ESI across the various workloads and repositories in O365. There are two primary components to Data Governance: retention policies and labels. Retention policies can target certain repositories and users for example, all mailboxes and OneDrive for Business sites and apply specific retention and disposition requirements. Retention policies can be triggered based on when an item was created, sent/received, or by the presence of certain keywords, phrases, or sensitive information. Labels can be applied to specific items such as an email or a document, and like retention policies, can be based on when an item was created, sent/received, or by the presence of certain keywords, phrases, or sensitive information. Labels add an additional trigger, which is when the item is labeled. Retention policies and labels can be combined to form a complex retention and disposition framework. DLP (Data Loss Prevention): provides the ability to set up rules that trigger actions when certain types of content (sensitive, confidential, personal) is found in certain locations in Office 365 (Exchange and SharePoint primarily.) For example, if a user stores a spreadsheet with 25 credit card numbers in OneDrive for Business, an alert can be sent to a legal or a compliance officer; alternatively, if the user tries to email the same spreadsheet, the email itself can be blocked, encrypted, forwarded to a compliance officer, sent back to the user, or just deleted (with or without notifying the sender of these actions.) Document Deletion Policies: broad-brush retention policies that can be applied to SharePoint and OneDrive for Business document libraries. If a document deletion policy is in effect, files are deleted a certain number of days after EITHER the file s created or last modified date. These policies can be mandatory or optional; users may also be given the option to choose from among several policies. This feature is being deprecated in favor of the new data governance features. Page 5 of 7

ediscovery (in Security & Compliance Center): one of several ediscovery tools available in Office 365. Those with appropriate permissions can 1) search one or more mailboxes, SharePoint sites, ODB, Groups, Teams, and Exchange Public Folders; 2) can place ESI residing in the locations searched on inplace hold; 3) can preview emails, documents, and other files; 4) can export the ESI out for further review in down-stream review tools. These activities are all done without disrupting the endusers/custodians. E3: refers to one of the O365 licensing plans. E3 licensing includes the Standard Office 365 built-in ediscovery tools (identification/search, preservation/hold, preview, and collection/export.) E5: refers to one of the O365 licensing plans. E5 includes all the features of E3 plus additional functionality for ediscovery commonly referred to as Advanced ediscovery. Advanced ediscovery includes the former Equivio suite of tools for structured analytics (near-duping, email threading, and clustering) and predictive coding. Hybrid: denotes an Office 365 environment where a portion of the organization s Exchange, SharePoint, and Skype for Business environment remains on-prem (the infrastructure, i.e., servers, data storage, etc. remain in the organization s own data centers.) For organizations with more than several hundred email users they will likely be in a hybrid mode for a period (typically for the duration of mailbox migration.) Some organizations elect to stay in hybrid mode on a permanent or extended basis. ediscovery in a hybrid environment requires integrations between cloud and on-prem components, and has a number of limitations 3. In-Place Archive: Microsoft s terminology for what is in essence an expansion of a user s primary mailbox, it provides additional email storage capacity in some plans, its unlimited storage. Items can be moved systematically from a user s primary mailbox to the archive. The In-Place Archive has to be turned on for a user (by default it is NOT enabled.) Office 365 s built-in ediscovery tools can search, preserve, and collect from the In-Place Archive. Labels: labels are a data governance tool. An administrator sets up various labels based on the organization s retention and disposition requirements and makes them available for application with the tenant. Labels can be applied manually or automatically. Labels are typically applied to individual items, but may also be applied to all items uploaded or created in a SharePoint document library. Like retention policies, labels can be based on when an item was created, sent/received, or by the presence of certain keywords, phrases, or sensitive information, however, labels add an additional trigger, which is when the item is labeled. Messaging Records Management (MRM): legacy (they are being deprecated in favor of the new data governance features) tools for email retention and disposition in Exchange and Outlook. MRM enables an administrator to set up policies which determine how long email (and other items) are retained in a user s mailbox. For example, a policy could be configured wherein all emails in a given employee s mailbox are automatically purged after 180 days EXCEPT items tagged by the employee (or via a rule.) In this example, users could be provided tags for 1 year, 3 year, and permanent retention; any items users apply one of these tags to will be retained for that period of time and thus not subject to being purged after 180 days. Multiple policies can be created to meet the needs of different departments and user groups. PowerShell: a command line scripting language that underlies many Microsoft technologies, including Office 365. PowerShell allows for the automation of tasks via its command-line interface, and is 3 https://technet.microsoft.com/en-us/library/dn497703(v=exchg.150).aspx Page 6 of 7

particularly helpful in automating execution and reporting of ediscovery activities in Office 365. Organizations seeking to employ Office 365 s ediscovery tools on a large-scale basis typically employ some level of PowerShell scripting and automation. Retention Policies: retention policies can target certain repositories and users for example, all mailboxes and OneDrive for Business sites and apply specific retention and disposition rules. For example: keep all items in OneDrive for Business, SharePoint, and Teams for 5 years after the last modified date. Retention policies can be triggered based on when an item was created, sent/received, or by the presence of certain keywords, phrases, or sensitive information. For example: delete any item with the phrase for training purposes only 3 years after creation date. Security & Compliance Center: Office 365 administrative interface from which users with appropriate permissions can access tools for ediscovery, information security, retention, and other related compliance features. Page 7 of 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback